Complete WSGI support rewrite.

7abca36a · Lennart Regebro · c4cceb84 · 9c8f4d5e · e32a284a · 7abca36a
Commit 7abca36a authored Apr 30, 2006 by Lennart Regebro
10 changed files
--- a/doc/CHANGES.txt
+++ b/doc/CHANGES.txt
@@ -49,6 +49,17 @@ Zope Changes
    Features added
+      - The traversal has been refactored to take heed of Zope3s 
+        IPublishTraverse adapter interfaces. The ZCML directives 
+        five:traversable and five:defaultViewable are therefore no
+        longer needed, as everything now is five:traversable and
+        five:defaultViewable. 
+        There was a bug in earlier versions of Five that allowed you 
+        to do custom publishing traversal with ITraversable adapters.
+        This bug has been corrected. Anybody using ITraversable 
+        adapters need to convert them to IPublishTraversal adapters.
      - Testing.makerequest: Added an 'environ' argument so
        clients can use mappings other than os.environ.

--- a/lib/python/OFS/Traversable.py
+++ b/lib/python/OFS/Traversable.py
@@ -25,9 +25,14 @@ from AccessControl.ZopeGuards import guarded_getattr
 from Acquisition import Acquired, aq_inner, aq_parent, aq_base
 from zExceptions import NotFound
 from ZODB.POSException import ConflictError
-from zope.interface import implements
+from zope.interface import implements, Interface
 from interfaces import ITraversable
+from zope.app.traversing.interfaces import ITraversable as IZope3Traversable
+from zope.component import queryMultiAdapter
+from zope.app.traversing.interfaces import TraversalError
+from zope.app.traversing.namespace import nsParse
+from zope.app.traversing.namespace import namespaceLookup
 _marker = object()
@@ -59,6 +64,7 @@ class Traversable:
            return self.virtual_url_path()
        spp = self.getPhysicalPath()
        try:
            toUrl = self.REQUEST.physicalPathToURL
        except AttributeError:
@@ -133,7 +139,6 @@ class Traversable:
        If true, then all of the objects along the path are validated with
        the security machinery. Usually invoked using restrictedTraverse().
        """
        if not path:
            return self
@@ -188,7 +193,19 @@ class Traversable:
                        continue
                bobo_traverse = _getattr(obj, '__bobo_traverse__', _none)
-                if bobo_traverse is not _none:
+                if name and name[:1] in '@+':
+                    # Process URI segment parameters.
+                    ns, nm = nsParse(name)
+                    if ns:
+                        try:
+                            next = namespaceLookup(ns, nm, obj, 
+                                                   self.REQUEST).__of__(obj)
+                            if restricted and not securityManager.validate(
+                                obj, obj, name, next):
+                                raise Unauthorized, name
+                        except TraversalError:
+                            raise AttributeError(name)
+                elif bobo_traverse is not _none:
                    next = bobo_traverse(REQUEST, name)
                    if restricted:
                        if aq_base(next) is not next:
@@ -227,12 +244,21 @@ class Traversable:
                    else:
                        next = _getattr(obj, name, marker)
                    if next is marker:
+                        try:
                            try:
                                next=obj[name]
                            except AttributeError:
                                # Raise NotFound for easier debugging
                                # instead of AttributeError: __getitem__
                                raise NotFound, name
+                        except (NotFound, KeyError): 
+                            # Try to look for a view
+                            next = queryMultiAdapter((obj, self.REQUEST), 
+                                                     Interface, name)
+                            if next is None:
+                                # Didn't find one, reraise the error:
+                                raise
+                            next = next.__of__(obj)
                        if restricted and not securityManager.validate(
                            obj, obj, _none, next):
                            raise Unauthorized, name

--- a/lib/python/Products/PageTemplates/Expressions.py
+++ b/lib/python/Products/PageTemplates/Expressions.py
@@ -248,12 +248,28 @@ class NotExpr:
    def __repr__(self):
        return 'not:%s' % `self._s`
+from zope.interface import Interface, implements
+from zope.component import queryMultiAdapter
+from zope.app.traversing.namespace import nsParse
+from zope.app.traversing.namespace import namespaceLookup
+from zope.app.traversing.interfaces import TraversalError
+from zope.publisher.interfaces.browser import IBrowserRequest
+from zope.app.publication.browser import setDefaultSkin
+class FakeRequest(dict):
+    implements(IBrowserRequest)
+    def getURL(self):
+        return "http://codespeak.net/z3/five"
 def restrictedTraverse(object, path, securityManager,
                       get=getattr, has=hasattr, N=None, M=[],
                       TupleType=type(()) ):
-    REQUEST = {'path': path}
+    REQUEST = FakeRequest()
+    REQUEST['path'] = path
    REQUEST['TraversalRequestNameStack'] = path = path[:] # Copy!
+    setDefaultSkin(REQUEST)
    path.reverse()
    validate = securityManager.validate
    __traceback_info__ = REQUEST
@@ -282,7 +298,18 @@ def restrictedTraverse(object, path, securityManager,
                continue
        t=get(object, '__bobo_traverse__', N)
-        if t is not N:
+        if name and name[:1] in '@+':
+            # Process URI segment parameters.
+            ns, nm = nsParse(name)
+            if ns:
+                try:
+                    o = namespaceLookup(ns, nm, object, 
+                                           REQUEST).__of__(object)
+                    if not validate(object, object, name, o):
+                        raise Unauthorized, name
+                except TraversalError:
+                    raise AttributeError(name)
+        elif t is not N:
            o=t(REQUEST, name)
            container = None
@@ -305,7 +332,16 @@ def restrictedTraverse(object, path, securityManager,
                    # XXX maybe in Python 2.2 we can just check whether
                    # the object has the attribute "__getitem__"
                    # instead of blindly catching exceptions.
+                    try:
                        o = object[name]
+                    except (AttributeError, KeyError):
+                        # Try to look for a view
+                        o = queryMultiAdapter((object, REQUEST), 
+                                                 Interface, name)
+                        if o is None:
+                            # Didn't find one, reraise the error:
+                            raise
+                        o = o.__of__(object)
                except AttributeError, exc:
                    if str(exc).find('__getitem__') >= 0:
                        # The object does not support the item interface.

--- a/lib/python/ZPublisher/BaseRequest.py
+++ b/lib/python/ZPublisher/BaseRequest.py
@@ -16,10 +16,22 @@ $Id$
 """
 from urllib import quote
 import xmlrpc
-from zExceptions import Forbidden
+from zExceptions import Forbidden, Unauthorized, NotFound
+from zope.interface import implements, providedBy, Interface
+from zope.component import queryMultiAdapter
+from zope.component import getSiteManager
+from zope.component.interfaces import ComponentLookupError
 from zope.event import notify
 from zope.app.publication.interfaces import EndRequestEvent
+from zope.app.publisher.browser import queryDefaultViewName
+from zope.publisher.interfaces import IPublishTraverse
+from zope.component.interfaces import IDefaultViewName
+from zope.publisher.interfaces.browser import IBrowserPublisher
+from zope.publisher.interfaces.browser import IBrowserRequest
+from zope.app.traversing.interfaces import TraversalError
+from zope.app.traversing.namespace import nsParse
+from zope.app.traversing.namespace import namespaceLookup
 UNSPECIFIED_ROLES=''
@@ -45,6 +57,86 @@ except ImportError:
    def getRoles(container, name, value, default):
        return getattr(value, '__roles__', default)
+class DefaultPublishTraverse(object):
+    implements(IBrowserPublisher)
+    def __init__(self, context, request):
+        self.context = context
+        self.request = request
+    def publishTraverse(self, request, name):
+        object = self.context
+        URL=request['URL']
+        if name[:1]=='_':
+            raise Forbidden("Object name begins with an underscore at: %s" % URL)
+        try:
+            if hasattr(object,'__bobo_traverse__'):
+                subobject=object.__bobo_traverse__(request, name)
+                if type(subobject) is type(()) and len(subobject) > 1:
+                    # Add additional parents into the path
+                    # XXX This needs handling. Check the publish refactor branch...
+                    parents[-1:] = list(subobject[:-1])
+                    object, subobject = subobject[-2:]
+            else:
+                try:
+                    subobject=getattr(object, name)
+                except AttributeError:
+                    subobject=object[name]
+        except (AttributeError, KeyError, NotFound):
+            # Find a view even if it doesn't start with @@, but only
+            # If nothing else could be found
+            subobject = queryMultiAdapter((object, request), Interface, name)
+            if subobject is not None:
+                # OFS.Application.__bobo_traverse__ calls
+                # REQUEST.RESPONSE.notFoundError which sets the HTTP
+                # status code to 404
+                request.RESPONSE.setStatus(200)
+                # We don't need to do the docstring security check
+                # for views, so lets skip it and return the object here.
+                return subobject.__of__(object) 
+            raise
+        # Ensure that the object has a docstring, or that the parent
+        # object has a pseudo-docstring for the object. Objects that
+        # have an empty or missing docstring are not published.
+        doc = getattr(subobject, '__doc__', None)
+        if doc is None:
+            doc = getattr(object, '%s__doc__' % name, None)
+        if not doc:
+            raise Forbidden(
+                "The object at %s has an empty or missing " \
+                "docstring. Objects must have a docstring to be " \
+                "published." % URL
+                )
+        # Hack for security: in Python 2.2.2, most built-in types
+        # gained docstrings that they didn't have before. That caused
+        # certain mutable types (dicts, lists) to become publishable
+        # when they shouldn't be. The following check makes sure that
+        # the right thing happens in both 2.2.2+ and earlier versions.
+        if not typeCheck(subobject):
+            raise Forbidden(
+                "The object at %s is not publishable." % URL
+                )
+        return subobject
+    def browserDefault(self, request):
+        if hasattr(self.context, '__browser_default__'):
+            return self.context.__browser_default__(request)
+        # Zope 3.2 still uses IDefaultView name when it
+        # registeres default views, even though it's
+        # deprecated. So we handle that here:
+        default_name = queryDefaultViewName(self.context, request)
+        if default_name is not None:
+            return self.context, (default_name,)
+        return self.context, ()
 _marker=[]
 class BaseRequest:
@@ -184,6 +276,35 @@ class BaseRequest:
    __repr__=__str__
+    def traverseName(self, ob, name):
+        if name and name[:1] in '@+':
+            # Process URI segment parameters.
+            ns, nm = nsParse(name)
+            if ns:
+                try:
+                    ob2 = namespaceLookup(ns, nm, ob, self)
+                except TraversalError:
+                    raise KeyError(ob, name)
+                return ob2.__of__(ob)
+        if name == '.':
+            return ob
+        if IPublishTraverse.providedBy(ob):
+            ob2 = ob.publishTraverse(self, name)
+        else:
+            adapter = queryMultiAdapter((ob, self), IPublishTraverse)
+            if adapter is None:
+                ## Zope2 doesn't set up its own adapters in a lot of cases
+                ## so we will just use a default adapter.
+                adapter = DefaultPublishTraverse(ob, self)
+            ob2 = adapter.publishTraverse(self, name)
+        return ob2
    def traverse(self, path, response=None, validated_hook=None):
        """Traverse the object space
@@ -193,7 +314,6 @@ class BaseRequest:
        request=self
        request_get=request.get
        if response is None: response=self.response
-        debug_mode=response.debug_mode
        # remember path for later use
        browser_path = path
@@ -235,14 +355,14 @@ class BaseRequest:
        object=parents[-1]
        del parents[:]
-        roles = getRoles(None, None, object, UNSPECIFIED_ROLES)
+        self.roles = getRoles(None, None, object, UNSPECIFIED_ROLES)
        # if the top object has a __bobo_traverse__ method, then use it
        # to possibly traverse to an alternate top-level object.
        if hasattr(object,'__bobo_traverse__'):
            try:
                object=object.__bobo_traverse__(request)
-                roles = getRoles(None, None, object, UNSPECIFIED_ROLES)
+                self.roles = getRoles(None, None, object, UNSPECIFIED_ROLES)
            except: pass
        if not path and not method:
@@ -278,15 +398,28 @@ class BaseRequest:
                # Check for method:
                if path:
                    entry_name = path.pop() 
-                elif hasattr(object, '__browser_default__'):
+                else:
-                    # If we have reached the end of the path. We look to see
+                    # If we have reached the end of the path, we look to see
-                    # if the object implements __browser_default__. If so, we
+                    # if we can find IBrowserPublisher.browserDefault. If so,
-                    # call it to let the object tell us how to publish it
+                    # we call it to let the object tell us how to publish it
-                    # __browser_default__ returns the object to be published
+                    # BrowserDefault returns the object to be published
                    # (usually self) and a sequence of names to traverse to
-                    # find the method to be published. (Casey)
+                    # find the method to be published.
+                    if (IBrowserPublisher.providedBy(object) or 
+                        IDefaultViewName.providedBy(object)):
+                        adapter = object
+                    else:
+                        adapter = queryMultiAdapter((object, self), 
+                                                    IBrowserPublisher)
+                        if adapter is None:
+                            # Zope2 doesn't set up its own adapters in a lot
+                            # of cases so we will just use a default adapter.
+                            adapter = DefaultPublishTraverse(object, self)
+                    newobject, default_path = adapter.browserDefault(self)
+                    if default_path or newobject is not object:
+                        object = newobject
                        request._hacked_path=1
-                    object, default_path = object.__browser_default__(request)
                        if len(default_path) > 1:
                            path = list(default_path)
                            method = path.pop()
@@ -301,9 +434,9 @@ class BaseRequest:
                        entry_name = method
                        method = 'index_html'
                    else:
-                    if (hasattr(object, '__call__')):
+                        if hasattr(object, '__call__'):
-                        roles = getRoles(object, '__call__', object.__call__,
+                            self.roles = getRoles(object, '__call__', object.__call__,
-                                         roles)
+                                                  self.roles)
                        if request._hacked_path:
                            i=URL.rfind('/')
                            if i > 0: response.setBase(URL[:i])
@@ -311,28 +444,38 @@ class BaseRequest:
                step = quote(entry_name)
                _steps.append(step)
                request['URL'] = URL = '%s/%s' % (request['URL'], step)
-                got = 0
-                if entry_name[:1]=='_':
-                    if debug_mode:
-                        return response.debugError(
-                          "Object name begins with an underscore at: %s" % URL)
-                    else: return response.forbiddenError(entry_name)
-                if hasattr(object,'__bobo_traverse__'):
                try:
-                        subobject=object.__bobo_traverse__(request,entry_name)
+                    subobject = self.traverseName(object, entry_name)
-                        if type(subobject) is type(()) and len(subobject) > 1:
+                    if (hasattr(object,'__bobo_traverse__') or 
-                            # Add additional parents into the path
+                        hasattr(object, entry_name)):
-                            parents[-1:] = list(subobject[:-1])
+                        check_name = entry_name
-                            object, subobject = subobject[-2:]
+                    else:
-                    except (AttributeError, KeyError):
+                        check_name = None
-                        if debug_mode:
+                    self.roles = getRoles(
+                        object, check_name, subobject,
+                        self.roles)
+                    object = subobject
+                except (KeyError, AttributeError):
+                    if response.debug_mode:
                        return response.debugError(
                            "Cannot locate object at: %s" % URL)
                    else:
                        return response.notFoundError(URL)
+                except Forbidden, e:
+                    if self.response.debug_mode:
+                        return response.debugError(e.args)
                    else: 
-                    try:
+                        return response.forbiddenError(entry_name)
+                parents.append(object)
+                steps.append(entry_name)
+        finally:
+            parents.reverse()
        # Note - no_acquire_flag is necessary to support
        # things like DAV.  We have to make sure
        # that the target object is not acquired
@@ -342,59 +485,12 @@ class BaseRequest:
        # an object 'test' existed above it in the
        # heirarchy -- you'd always get the
        # existing object :(
+        if (no_acquire_flag and
-                        if (no_acquire_flag and len(path) == 0 and
+            hasattr(parents[1], 'aq_base') and 
-                            hasattr(object, 'aq_base')):
+            not hasattr(parents[1],'__bobo_traverse__')):
-                            if hasattr(object.aq_base, entry_name):
+            if not (hasattr(parents[1].aq_base, entry_name) or
-                                subobject=getattr(object, entry_name)
+                    parents[1].aq_base.has_key(entry_name)):
-                            else: raise AttributeError, entry_name
+                raise AttributeError, entry_name
-                        else: subobject=getattr(object, entry_name)
-                    except AttributeError:
-                        got=1
-                        try: subobject=object[entry_name]
-                        except (KeyError, IndexError,
-                                TypeError, AttributeError):
-                            if debug_mode:
-                                return response.debugError(
-                                    "Cannot locate object at: %s" % URL)
-                            else:
-                                return response.notFoundError(URL)
-                # Ensure that the object has a docstring, or that the parent
-                # object has a pseudo-docstring for the object. Objects that
-                # have an empty or missing docstring are not published.
-                doc = getattr(subobject, '__doc__', None)
-                if doc is None:
-                    doc = getattr(object, '%s__doc__' % entry_name, None)
-                if not doc:
-                    return response.debugError(
-                        "The object at %s has an empty or missing " \
-                        "docstring. Objects must have a docstring to be " \
-                        "published." % URL
-                        )
-                # Hack for security: in Python 2.2.2, most built-in types
-                # gained docstrings that they didn't have before. That caused
-                # certain mutable types (dicts, lists) to become publishable
-                # when they shouldn't be. The following check makes sure that
-                # the right thing happens in both 2.2.2+ and earlier versions.
-                if not typeCheck(subobject):
-                    return response.debugError(
-                        "The object at %s is not publishable." % URL
-                        )
-                roles = getRoles(
-                    object, (not got) and entry_name or None, subobject,
-                    roles)
-                # Promote subobject to object
-                object=subobject
-                parents.append(object)
-                steps.append(entry_name)
-        finally:
-            parents.reverse()
        # After traversal post traversal hooks aren't available anymore
        del self._post_traverse
@@ -427,25 +523,25 @@ class BaseRequest:
                auth=request._auth
-                if v is old_validation and roles is UNSPECIFIED_ROLES:
+                if v is old_validation and self.roles is UNSPECIFIED_ROLES:
                    # No roles, so if we have a named group, get roles from
                    # group keys
-                    if hasattr(groups,'keys'): roles=groups.keys()
+                    if hasattr(groups,'keys'): self.roles=groups.keys()
                    else:
                        try: groups=groups()
                        except: pass
-                        try: roles=groups.keys()
+                        try: self.roles=groups.keys()
                        except: pass
                    if groups is None:
                        # Public group, hack structures to get it to validate
-                        roles=None
+                        self.roles=None
                        auth=''
                if v is old_validation:
-                    user=old_validation(groups, request, auth, roles)
+                    user=old_validation(groups, request, auth, self.roles)
-                elif roles is UNSPECIFIED_ROLES: user=v(request, auth)
+                elif self.roles is UNSPECIFIED_ROLES: user=v(request, auth)
-                else: user=v(request, auth, roles)
+                else: user=v(request, auth, self.roles)
                while user is None and i < last_parent_index:
                    parent=parents[i]
@@ -456,11 +552,11 @@ class BaseRequest:
                    if hasattr(groups,'validate'): v=groups.validate
                    else: v=old_validation
                    if v is old_validation:
-                        user=old_validation(groups, request, auth, roles)
+                        user=old_validation(groups, request, auth, self.roles)
-                    elif roles is UNSPECIFIED_ROLES: user=v(request, auth)
+                    elif self.roles is UNSPECIFIED_ROLES: user=v(request, auth)
-                    else: user=v(request, auth, roles)
+                    else: user=v(request, auth, self.roles)
-            if user is None and roles != UNSPECIFIED_ROLES:
+            if user is None and self.roles != UNSPECIFIED_ROLES:
                response.unauthorized()
        if user is not None:

--- a/lib/python/ZPublisher/Publish.py
+++ b/lib/python/ZPublisher/Publish.py
@@ -122,7 +122,6 @@ def publish(request, module_name, after_list, debug=0,
        return response
    except:
        # DM: provide nicer error message for FTP
        sm = None
        if response is not None:

--- a/lib/python/ZServer/HTTPResponse.py
+++ b/lib/python/ZServer/HTTPResponse.py
@@ -311,6 +311,15 @@ class ChannelPipe:
            self._close=1
        self._request.reply_code=response.status
+    def start_response(self, status, headers, exc_info=None):
+        # Used for WSGI
+        status = 'HTTP/%s %s\r\n' % (self._request.version, status)
+        self.write(status)
+        headers = '\r\n'.join([': '.join(x) for x in headers])
+        self.write(headers)
+        self.write('\r\n\r\n')
+        return self.write
 is_proxying_match = re.compile(r'[^ ]* [^ \\]*:').match
 proxying_connection_re = re.compile ('Proxy-Connection: (.*)', re.IGNORECASE)

--- a/lib/python/ZServer/HTTPServer.py
+++ b/lib/python/ZServer/HTTPServer.py
@@ -279,6 +279,48 @@ class zhttp_handler:
            </ul>""" %(self.module_name, self.hits)
            )
+from HTTPResponse import ChannelPipe
+class zwsgi_handler(zhttp_handler):
+    def continue_request(self, sin, request):
+        "continue handling request now that we have the stdin"
+        s=get_header(CONTENT_LENGTH, request.header)
+        if s:
+            s=int(s)
+        else:
+            s=0
+        DebugLogger.log('I', id(request), s)
+        env=self.get_environment(request)
+        version = request.version
+        if version=='1.0' and is_proxying_match(request.request):
+            # a request that was made as if this zope was an http 1.0 proxy.
+            # that means we have to use some slightly different http
+            # headers to manage persistent connections.
+            connection_re = proxying_connection_re
+        else:
+            # a normal http request
+            connection_re = CONNECTION
+        env['http_connection'] = get_header(connection_re,
+                                            request.header).lower()
+        env['server_version']=request.channel.server.SERVER_IDENT
+        env['wsgi.output'] = ChannelPipe(request)
+        env['wsgi.input'] = sin
+        env['wsgi.errors']       = sys.stderr
+        env['wsgi.version']      = (1,0)
+        env['wsgi.multithread']  = True
+        env['wsgi.multiprocess'] = True
+        env['wsgi.run_once']     = True
+        env['wsgi.url_scheme']   = env['SERVER_PROTOCOL'].split('/')[0]
+        request.channel.current_request=None
+        request.channel.queue.append(('Zope2WSGI', env, 
+                                      env['wsgi.output'].start_response))
+        request.channel.work()
 class zhttp_channel(http_channel):

--- a/lib/python/ZServer/PubCore/ZServerPublisher.py
+++ b/lib/python/ZServer/PubCore/ZServerPublisher.py
@@ -14,13 +14,24 @@
 class ZServerPublisher:
    def __init__(self, accept):
        from ZPublisher import publish_module
+        from ZPublisher.WSGIPublisher import publish_module as publish_wsgi
        while 1:
+            name, a, b=accept()
+            if name == "Zope2":
                try:
-                name, request, response=accept()
                    publish_module(
                        name,
-                    request=request,
+                        request=a,
-                    response=response)
+                        response=b)
                finally:
-                response._finish()
+                    b._finish()
-                request=response=None
+                    a=b=None
+            elif name == "Zope2WSGI":
+                try:
+                    res = publish_wsgi(a, b)
+                    for r in res:
+                        a['wsgi.output'].write(r)
+                finally:
+                    a['wsgi.output']._close = 1
+                    a['wsgi.output'].close()
--- a/lib/python/ZServer/component.xml
+++ b/lib/python/ZServer/component.xml
@@ -19,6 +19,7 @@
         receive WebDAV source responses to GET requests.
       </description>
     </key>
+     <key name="use-wsgi" datatype="boolean" default="off" />
  </sectiontype>
  <sectiontype name="webdav-source-server"
@@ -26,6 +27,7 @@
               implements="ZServer.server">
     <key name="address" datatype="inet-binding-address"/>
     <key name="force-connection-close" datatype="boolean" default="off"/>
+     <key name="use-wsgi" datatype="boolean" default="off" />
  </sectiontype>
  <sectiontype name="persistent-cgi"

--- a/lib/python/ZServer/datatypes.py
+++ b/lib/python/ZServer/datatypes.py
@@ -71,6 +71,7 @@ class HTTPServerFactory(ServerFactory):
        # webdav-source-server sections won't have webdav_source_clients:
        webdav_clients = getattr(section, "webdav_source_clients", None)
        self.webdav_source_clients = webdav_clients
+        self.use_wsgi = section.use_wsgi
    def create(self):
        from ZServer.AccessLogger import access_logger
@@ -86,6 +87,9 @@ class HTTPServerFactory(ServerFactory):
    def createHandler(self):
        from ZServer import HTTPServer
+        if self.use_wsgi:
+            return HTTPServer.zwsgi_handler(self.module, '', self.cgienv)
+        else:
            return HTTPServer.zhttp_handler(self.module, '', self.cgienv)